package com.t.bricks.bussiness.service.guest.impl;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

import com.t.bricks.bussiness.db.dao.guest.GuestDao;
import com.t.bricks.bussiness.model.guest.Guest;
import com.t.bricks.bussiness.service.guest.GuestService;
import com.t.bricks.model.MsgEmity;
import com.t.bricks.utils.function.encode.MD5Util;
import com.t.bricks.utils.spring.ModuleUtil;

/**
 * '业务账户'通用业务操作类接口实现
 */
@Service
public class GuestServiceImpl implements GuestService {

	@Autowired
	private GuestDao guestDao;
	
	/**
	 * MD5加密干扰串
	 */
	@Value("${app.md5.key:未设置app.md5.key配置项}")
	private String appMd5Key;
	
	/**
	 * 修改密码
	 * @param sDbAndTable 数据库与表名称(dbName.tableName)
	 * @param sId
	 * @param sOldPass
	 * @param sNewPass
	 * @return
	 */
	@Override
	public MsgEmity editPass(String sDbAndTable, String sId, String sOldPass, String sNewPass) {
		MsgEmity me = validDbAndTable(sDbAndTable);
		if (!me.isSuccess()) {
			return me;
		}
		
		if (null == sId || "".equals(sId.trim())) {
			return new MsgEmity(false, "账户sId不能为空！", 8001);
		}
		
		if (null == sOldPass || "".equals(sOldPass.trim())) {
			return new MsgEmity(false, "旧密码不能为空！", 8002);
		}
		
		if (null == sNewPass || "".equals(sNewPass.trim())) {
			return new MsgEmity(false, "新密码不能为空！", 8003);
		}

		me = guestDao.hasById(sDbAndTable, sId);
		if (!me.isSuccess()) {
			return me.setData(8004);
		}
		
		if ((Boolean)me.getData()) {
			return me.setData(8009);
		}
		
		me = guestDao.findById(sDbAndTable, sId);
		if (!me.isSuccess() || null == me.getData()) {
			return new MsgEmity(false, "没有查找到对应账户！", 8005);
		}
		
		Guest Guest = me.getData();
		
		if (Guest.getiState() != 1) {
			return new MsgEmity(false, "账户被限制！", 8006);
		}
		
		String sOldPassMd5 = MD5Util.md5(sOldPass, appMd5Key);
		if (!sOldPassMd5.equals(Guest.getsPass()) ) {
			return new MsgEmity(false, "提供的旧密码错误！", 8007);
		}
		
		String sNewPassMd5 = MD5Util.md5(sNewPass, appMd5Key);
		if (sNewPassMd5.equals(sOldPassMd5)) {
			return MsgEmity.success(8999, "密码无需修改！");
		}
		
		return guestDao.editPass(sDbAndTable,
				sId,
				sOldPassMd5,
				sNewPassMd5,
				Guest.getiVersion(),
				ModuleUtil.currentLoginUserId());
	}
	
	/**
	 * 重置密码
	 * @param sDbAndTable 数据库与表名称(dbName.tableName)
	 * @param sId 被修改的账户编号
	 * @param sPass 操作人员的密码
	 * @return
	 */
	@Override
	public MsgEmity resetPass(String sDbAndTable, String sId, String sPass) {
		MsgEmity me = validDbAndTable(sDbAndTable);
		if (!me.isSuccess()) {
			return me;
		}
		
		if (null == sId || "".equals(sId.trim())) {
			return new MsgEmity(false, "账户编号不能为空！", 8001);
		}
		
		sId = sId.trim();
		
		String currentLoginUserId = ModuleUtil.currentLoginUserId();
		if (null == currentLoginUserId || "".equals(currentLoginUserId.trim())) {
			return new MsgEmity(false, "未能获取操作人员信息！", 8002);
		}

		if (!"/00000000/00000001/".contains(currentLoginUserId) && !sId.equals(currentLoginUserId)) {//超级管理员登录/管理员或当前账户
			return new MsgEmity(false, "仅允许管理员或当前账户重置密码", 8003);
		}
		
		me = guestDao.findById(sDbAndTable, currentLoginUserId);
		if (!me.isSuccess() || null == me.getData()) {
			return new MsgEmity(false, "当前操作账户信息错误,请联系管理员！", 8004);
		}
		
		Guest GuestModifieder = me.getData();

		String sModifiederPass = MD5Util.md5(sPass, appMd5Key);
		if (!(sModifiederPass.equals(GuestModifieder.getsPass()))) {
			return new MsgEmity(false, "提供的操作账户密码错误!", 8005);
		}
		
		me = guestDao.findById(sDbAndTable, sId);
		if (!me.isSuccess() || null == me.getData()) {
			return new MsgEmity(false, "没有查找到待重置密码的账户！", 8006);
		}
		
		Guest Guest = me.getData();

		String sOldPass = Guest.getsPass();
		String sNewPass = MD5Util.md5("123456", appMd5Key);
		if (sOldPass.equals(sNewPass)) {
			return MsgEmity.success(8999, "密码无需修改重置！");
		}
		
		return guestDao.editPass(sDbAndTable,
				sId,
				sOldPass,
				sNewPass,
				Guest.getiVersion(),
				currentLoginUserId);
	}
	
	/**
	 * 根据账户编号设置账户类型
	 * @param sDbAndTable 数据库与表名称(dbName.tableName)
	 * @param sId 账户编号
	 * @param sType 账户类型
	 * @return
	 */
	@Override
	public MsgEmity editUserType(String sDbAndTable, String sId, String sType) {
		MsgEmity me = validDbAndTable(sDbAndTable);
		if (!me.isSuccess()) {
			return me;
		}
		
		if (null == sId || "".equals(sId)) {
			return new MsgEmity(false, "账户编号不能为空！", 8001);
		}
		
		if (null == sType || "".equals(sType)) {
			return new MsgEmity(false, "账户类型不能为空！", 8002);
		}
		
		String currentLoginUserId = ModuleUtil.currentLoginUserId();
		if (null == currentLoginUserId || "".equals(currentLoginUserId.trim())) {
			return new MsgEmity(false, "未能获取操作人员信息！", 8003);
		}
		
		if ("/00000000/00000001/".contains(currentLoginUserId)) {//超级管理员登录/管理员
			return guestDao.editUserType(sDbAndTable, sId, sType);
		}
		
		if (sId.equals(currentLoginUserId)) {
			return new MsgEmity(false, "只有管理员或当前账户能设置账户类型！", 8004);
		}
		
		return guestDao.editUserType(sDbAndTable, sId, sType);
	}
	
	/**
	 * 验证数据库与表名参数是否正确,防止sql注入
	 * @param sDbAndTable
	 * @return
	 */
	private MsgEmity validDbAndTable(String sDbAndTable) {
		if (null == sDbAndTable || "".equals(sDbAndTable.trim())) {
			return new MsgEmity(false, "参数为空！", 1001);
		}
		
		sDbAndTable = sDbAndTable.trim();
		
		if (sDbAndTable.contains(" ")) {
			return new MsgEmity(false, "参数含有空格！", 1002);
		}
		
		if (!sDbAndTable.contains(".")) {
			return new MsgEmity(false, "参数格式错误！", 1003);
		}
		
		if (sDbAndTable.contains("-") || sDbAndTable.contains("/")) {
			return new MsgEmity(false, "参数中含有非法字符！", 1004);
		}
		
		return MsgEmity.success("验证通过");
	}
	
}
